HERE ARE the Cybersecurity Axioms for the Science of Cybersecurity Framework (SCF); which is to be used in conjunction with the associated Lexicon that defines all Cybersecurity terms, concepts and word definitions.
[Axiom 1] Datum: A datum of any idea or thing is a pattern of meaning, an abbreviated description, definition or set of ‘facts’ concerning the thing in question; typically prescribing an event, object, feeling, etc.; in token of, as a sign, symbol, or evidence of something.
[Axiom 2] Datum Expression/Source: Datums are typically expressed within the boundaries of a specific language, medium, media and/or code; and normally each datum has an inherent lifetime whereby it may be created, stored, communicated, replicated, lost and/or destroyed etc. Each datum has a human and/or machine creator/author, plus normally human owner(s) and user(s) (ref. social accessibility (or privacy) status).
[Axiom 3] Datum Types: Datums come in three kinds:
- A private datum is accessible only by a restricted group of people—or a particular set of human beings; and is inaccessible to all other persons [Axiom 3.1].
- A secret datum is accessible only by a single human being—typically the owner and often the author; and is inaccessible to all other persons [Axiom 3.2].
- An open datum is (potentially) accessible by anyone— or by an unrestricted group of people [Axiom 3.3].
[Axiom 4] Communication System: A communication system is a system or facility for transferring datum(s)/patterns-of-meaning between persons and equipment. The system usually consists of a collection of individual communication networks, transmission systems, relay stations, tributary stations and terminal equipment capable of interconnection and interoperation so as to form an integrated whole.
[Axiom 5] SECURITY: Security for a person-to-person communication system—can be defined as protection of secrecy, privacy or openness of meaning; or the safe transfer of single/multiple datum(s) between human(s).
[Axiom 6] Social Accessibility (Privacy) Status: The ability of a person to see, know and/or change a datum’s form and/or content.
[Axiom 7] Protect = Lock, Block or Conceal an item.
[Axiom 8] Single-Copy-Send: Henceforth adjudging that a point-to-point communication is private and secure; is equivalent to saying that the original unit of meaning existing at the ‘source’ node has, as a result of the one-to-one replication, only one accessible copy— at the ‘receiver’ node. Furthermore this copy is—unequivocally—accessible only by the (trusted) human for whom the communication was intended (i.e. it is access- controlled).We call such a process single-copy-send—or socially secure communication.
[Axiom 8.1] Meta-Data: Whereby the process of communication may itself be private (no public meta-data exists); and there is no possibility of any nth-party obtaining a copy of the communicated datum.
[Axiom 9] Primary-Copy: A primary-copy is a place-holder for a private datum of meaning —existing within the boundaries of a point-to-point communication system; whose content and form are restricted in terms of social access (i.e who can see, know & change the same); whereby the datum is (ideally) communicated via single-copy-send from the source-point to any (and all) designated receiver-point(s).
[Axiom 10] Secondary-Copy: A secondary-copy is a (communicated/backup) replication of a primary-copy—existing within (or outside) the boundaries of a point-to-point communication system—that may be legitimately produced by the communication process itself (e.g. a central server copy); and/or be illegitimately created as a result of the unwarranted activities of a hacker.
[Axiom 11] Tertiary-Copy: A tertiary-copy is a replication of a primary or secondary copy —which is generated post-communication by extracting datum(s) from a large body of communication data (e.g. a transatlantic data pipe).
[Axiom 12] Absolute Security Target: For a point-to-point communication instance—is the replication of a single instance (or primary-copy) of a private-datum from one socially restricted access-node to another [ref. Absolute Security:TARGET]. In other words, it is the single-copy-send of a datum from one party to another; whereby no—socially accessible— nth-party copies exist whatsoever (hopefully persistently—or on a long-term basis).
[Axiom 13] Partial/Absent Security: Likewise we can define partial/absent security as the existence of any unprotected—or nth-party accessible— primary/secondary/tertiary datum-copies.
[Axiom 14] Digital Media: Digital-media are electronic media used to store, transmit and receive digitised information; and may refer to any media that has been encoded in a machine-readable format. Digital-media—or simply media—can be created, viewed, distributed, modified and preserved on computers. For our purposes we have compartmentalised media into three types: storage, transfer and access.
[Axiom 15] Datum-Copy: A datum is a discrete pattern of meaning that may be transferred between minds (network access-nodes). A datum-copy is a particular instantiation of a datum’s pattern—that exists inside or (potentially) outside of a point-to- point communication system. A copy has two primary aspects: firstly form (the encapsulating format)—or media of storage, communication/ delivery, and access; and secondly content (a representation with metrical, descriptive and selectional aspects).
[Axiom 16] Datum-Copy Ownership: A datum-copy has a natural owner—often the sender/creator of the datum.
[Axiom 17] Ownership Rights: Ownership rights include protection of social access (e.g. secrecy, privacy, openness) for the copy—in terms of who can see, know and/or change the content and/or form of the copy (ref. new owner(s)/user(s)).
[Axiom 18] Hacking: When we speak of—a datum-copy being hacked and/or a data- breach/system-exploit occurring—that is defined as unwarranted social access to the informational content of the datum (i.e. loss/change of privacy status.
[Axiom 19] Coherent Defence: Previously, for an act of private communication, we had assumed that a local access-node provided socially restricted access to primary-copies. However such a statement is predicated on the fact that each access-device affords an actor-coherent defence against any data-breaches—successfully.
[Axiom 20] Network Term And Hybrid Actors: Use of the term ‘network’—is problematic to say the least. This is because an access-device may be open to the data-processing activities of (any number of) inter-relating local-actors plus network-actors (i.e. human/ automated ones etc). Ergo hybrid-actors are formed that may be partially/fully invisible, overly complex, and/or unknowable in some way—and which may be—as yet—only potentially present.
[Axiom 21] Datum’s Context Of Use: A datum’s content may have a purely informational meaning (be descriptive) and/or a purely logical meaning (be functional)—or posses a combination of both kinds of meaning—according to context of use. However, the process of point-to-point transfer of a datum; is (normally) defined to be a transfer of information alone—and the datum (content) is immutable.
[Axiom 22] Datum Replication: Replication of a primary-copy (datum from + content) is transfer to a destination-point. It may be that a copy’s form (encapsulating media of storage, communication/delivery, and access etc) changes during replication—hence (datum) copies are mutable (form aspects).
[Axiom 23] Protection Methods: There are basically three ways to defend/protect an item in the real-world. For example, when protecting an entrance to a house (i.e. walled safe)—we can:
- Lock the entrance and armour reinforce it—or make it difficult to open/know;
- Block the entrance pathway—by preventing an attacker from reaching it—forexample by placing objects in the entrance-way—or by eliminating it altogether;
- Conceal the entrance—and make it difficult to see/find.
Similarly for datum-copies/attack-surfaces—we can protect these in analogous way(s)
[Axiom 24] Coherency Predicates: We can identify two—enforced—coherency predicates for absolute security; namely: actor-unity (of purpose); and actor-integrity (of action); for safe hardware/software operations on each access-device.
[Axiom 25] Data-Processing Legitimacy: Similarly, unsafe-actor repellent/containment techniques can be used to preserve the legitimacy of data-processing operation(s) on the primary-network.
[Axiom 26] Attack-Surface Types: Attack-surfaces come in six basic kinds.
Firstly we have three related to the datum-copy’s form; or its encapsulating media of storage, transfer and access. Secondly we have three attack-surface types related to the datum-copy’s content; and these are the metrical, descriptive and selectional ones.
[Axiom 27] Actor: An actor (i.e. a program/human/process) existing on and/or influencing the data-processing stack that may be structurally—visible/invisible and/or known/ unknown in terms of existence—but remain questionable/harmful in terms of purpose, value, action and/or integrity—and hence may (potentially) cause undetermined/ detrimental/harmful effects and/or progress unknown or undesirable programming path(s); or else provide unauthorised access to private-datum(s) etc
[Axiom 28] Datum-Copy Components: A datum-copy—encapsulated on a media device —has three components: two related to form: the physical representation, and the virtual representation, and one related to content: which is the meaning representation (with the aforementioned metrical, descriptive and selectional aspects).
[Axiom 29] Protective Measures/Types: Ergo, there are 5 possible attack-surface types for each of three possible media of storage, transfer and access— leading to a grand total of 15 attack-surface types. However each surface may be protected by 6 kinds of protection (entry-method(s) + defence-method(s)): or locking, blocking and concealment mechanism(s); hence we can have up to 90 fundamental kinds/types of protection for a single copy (or a private datum).
[Axiom 30] Local Actor: A local-actor is a data processing unit—existing on a local access-device—comprised of either hardware and/or software/human elements—which (potentially) acts on a datum-copy’s form and/or content within the primary-network’s data- processing stack.
[Axiom 31] Network-Actor: A network-actor is a data processing unit—existing on a remote networked-device—comprised of either hardware and/or software/human elements —which (potentially) acts on a datum-copy’s form and/or content within the primary- network’s data-processing stack.
[Axiom 32] Actor-Coherent Defence: An actor-coherent defence is when all of the actors, entities and processes—present in a primary-network’s data-processing stack—are impelled to act together in order to protect the private datum-copy’s form and/or content from unwarranted social access (hopefully for all places/ times). N.B. An actor may originate—from either automated processes and/or human ones.
[Axiom 33] Access-Node: An access-node is a virtual access gateway (i.e. legitimate login-node/point-of-entry) for a primary/secondary/tertiary network; and is normally used (only) by an authorised party to gain entry to said network. An access-device is a physical access device that enables a human to gain entry to the same network (i.e. a personal computer).
[Axiom 34] Primary-Network: The primary-network is a provided point-to-point communication system; whereby a private access-node (the source-point) exists on a networked access-device; which stores a primary-copy of a private-datum; prior to the single-copy-send of the same to a socially restricted access-node (the destination-point). A primary-network may create legitimate secondary-copies of the primary-copy.
[Axiom 35] Secondary-Network: A secondary-network is a privileged-access network intimately connected to the primary-network’s communication pipeline; whereby copies of communicated private-datum(s) may exist on an nth-party organisational network and/or various local and/or central replication (backup) network(s). A secondary-network may contain legitimate replicated secondary-copies of primary-copies and/or other secondary- copies.
[Axiom 36] Tertiary-Network: A tertiary-network is not directly connected to the primary- network—but nevertheless may still (belatedly) access data traffic flowing across primary and/or secondary-networks—resulting in illegitimate tertiary-copies of primary/secondary- copies.
[Axiom 37] Metrical Attack-Surface: The so-called metrical attack-surface may be protected (for example) by means of encryption (entry locks + content concealment)—or obfuscation of symbolic structure—and so that only an actor with the correct unlocking algorithm(s)/key(s) can decode the underlying symbolic pattern.
[Axiom 38] Descriptive Attack-Surface: The metrical layer is decoded, we must match each symbol to its specific meaning—and according to the common descriptive language employed—named the descriptive attack-surface.
[Axiom 39] Selectional Attack-Surface: Notably the sender and receiver may be using an obscure coding language whereby the symbol-to-meaning relationship is protected (i.e. RED means BIG etc). Finally, modal context(s)—named selectional attack-surface(s)— may protect constructive aspect(s) of the representation.
[Axiom 40] Concealment: We have the target (item to be concealed); and the concealment method. Whereby there are two basic kinds of concealment structural targets: existence of the item, and content (or inner meaning).
[Axiom 41] Concealment Structure: Structure can be—CONCEALED—in 3 ways:
- Conceal form itself; or
- Conceal location (where); or
- Conceal location (when): item time-span, duration or persistence.
[Axiom 42] Concealment Methods: Whereby there are 3 basic processes: (for each method/way)
- Conceal by transformation of form/location; or
- Conceal by similarity (equivalency)—that is by hiding an item alongside a largenumber (of ostensibly identical) items; and
- Conceal by difference (complexity)—or hiding an item amongst a large number ofgreatly/potentially varying forms/structures.
[Axiom 43] Attack-Surface/Window: An attack-surface/attack-window is an exposed facet/ system entry-point for a datum-copy, existing on a primary-network’s data- processing stack, and which (potentially) facilitates unwarranted social access to a private datum-copy’s content and/or form.
[Axiom 44] Attack-Vector: An attack-vector is a specific data-processing path, existing on a primary-network’s data-processing stack—which (potentially) provides unwarranted social access to a private datum-copy’s content and/or form.
[Axiom 45] Access-Gateway: An access-gateway consists of one or more access-nodes and/or exposed attack-surface(s)/window(s)—for a primary, secondary or tertiary copy.
[Axiom 46] Storage-Media: A storage-media is a bundle of hardware/software technologies that work together to form a memory system—and in order to persist a datum-copy’s form and content.
[Axiom 47] Transfer-Media: A transfer-media is a bundle of hardware/software technologies that work together to form a delivery system—and in order to send a datum- copy from a source-point to a destination-point.
[Axiom 48] Access-Media: An access-media is a hardware/software system that enables an actor to see, know and/or change a copy’s form and/or content (e.g. a data-access terminal).
[Axiom 49] Concealment Target: There are basically two kinds of concealment targets; you can either focus on concealing structure—or else encourage the observer to look elsewhere (still a form of concealment).
Whereby either the onlooker:
- Does not know where or when to look for an item (target location obfuscation); or secondly:
- Finds that looking does not reveal how to find the item (target form confusion); or finally:
- Is encouraged to look elsewhere than an item’s true location (observer misdirection —i.e. concentrate on directing the attention of the observer—using decoys and/or false targets—or hide messages in innocuous content etc).
[Axiom 50] For absolute security, we must protect:
- Physical-Gateway(s)—who can obtain a physical copy.
- Virtual-Gateway(s)—who can open a virtual copy.
- Meaning-Gateway(s)—who can decode datum(s).
To be successful, an intruder must first pass through the physical and virtual gateway(s); prior to deciphering the meaning of the inner datum(s)—or passing through any meaning- gateway(s) that happen to be present.
[Axiom 51] Locking Mechanisms: Just for clarification—herein whenever we speak of a locking mechanism for a datum-copy (existing on a specific media of storage, transfer and access)—what we are saying is that the lock prevents the knowing/opening action (i.e for datum access)—by some protected entry-method plus defence-method(s) (i.e. password entry-system (lock) plus content concealment of symbolic structure) [Axiom 51.1]. Alternatively, existence concealment prevents an unsafe-actor from seeing/ finding a copy by means of an entry-method that is itself secret/hidden (i.e. unusual descriptive coding) and/or secret/hidden defence-method(s) (e.g. possibly identical to entry-method) [Axiom 51.2]. Likewise for blocking actions (ref. reaching) [Axiom 51.2]. Obviously there is overlap (and nesting) between the concepts of lock, block and conceal—but it is often useful to open-up protection—as a concept—into such facets.
[Axiom 52] Cryptographic Principles: Ergo, we abide by one (or more) of the following-
- Principle A – Virtual Message Tamper-proofing: The digital signature verification and encryption must be applied to the cipher-text— when it is created—typically on the same primary-network used to compose the message—to avoid tampering (adequate locking—guarantees message integrity).
- Principle B – Physical Message Tamper-proofing: Encrypting at the time of creation is only secure if the encryption device itself has not been tampered with (i.e. closed/ blocked physical gateway(s) or device-integrity).
- Principle C – Employ Secret Keys: Obey Dr Claude Shannon’s maxim (i.e. Kerckhoff’s principle); and assume that: ‘the enemy knows the system’. Avoid relying on security through obscurity and/or security through minority—in terms of not assuming that the secrecy/uncommonness of system design provides unimpeachable protection (adequate concealment + locking).
- Principle D – Pattern Obfuscation: Special encryption/coding/scrambling methods must be employed to prevent spies from deducing information from patterns present in the copy.
- Principle E – Access-node/Key/ID Security: Adequate access control methods must be employed to protect unwarranted access to any and all access-nodes, access-devices, keys, user IDs etc (adequate blocking + key concealment).
- Principle F – Viruses, Trojan-Horses: Methods to eradicate Viruses and to prohibit Trojans misrepresenting as safe-actors— hence preventing unsafe-actors from gaining unwarranted access to copies/actors on the data-processing stack (adequate blocking).
- Principle G – Environmental Spying: Methods to prevent spying on the primary- network through leaking emanations, including radio or electrical signals and vibration(s) etc.
[Axiom 53] Protection By Diversity: Protection by Diversity is a fundamental principle for attaining secrecy/privacy; whereby we first block/bar entry to a private item by some defensive means or protective barrier. Next we build a window/door into the barrier that may be opened (i.e. know/open action)—but only by means of a fully/partially secret entry- method. The entry-method typically includes a mathematical/text value and/or locking key (i.e. a secret password) with a specific form known/available only to authorised parties— and that is difficult to attain/guess; whereby it is diversity (potential to have many different values) that protects the key from discovery/use by an attacker.
[Axiom 54] Coding Types: Descriptive coding refers to the process of assigning a pattern of symbols to the specific meaning of the conveyed message (communicated datum(s)). Selective coding refers to the process of protecting constructive aspects of the symbolic and/or descriptive components of the message by means of private modal context(s).
[Axiom 55] Coding Principles: Ergo—for socially secure communication—we abide by— as many as possible of—the following message/ datum CODING PRINCIPLES:
- Employ effective symbolic encryption; including multi-layer encryption with new keys generated for each communication instance (i.e. use perfect-forward-secrecy).
- Employ obscure descriptive coding methods (i.e. one-time-pad(s) or perfect- secrecy).
- Employ variable selectional coding methods (i.e. multiple code-books in a single message); with constantly changing constructive pattern(s) for each message. (i.e. one-time-pad(s) or perfect-secrecy).
- Employ safe pattern constructs. Avoid sending identical (coded) natural-language constructs repetitively; pad the pattern(s) with NULLS or hide them; use varying constructive code(s).
- Rely on the Beholder’s Share—employ covert and obscure methods for interpretation of meaning.
[Axiom 56] Evasion Attacks: In network security, evasion is bypassing network security in order to deliver an exploit, attack, or other form of malware to a target network or system, without detection.
[Axiom 57] Stealth Defences: A nice antipodal proposition—and remedy for—an evasive attack—is a stealth defence. Whereby all physical and virtual system gateways are rendered invisible and/or out-of-reach of the data-processing actions of any harmful attackers.
[Axiom 58] Gateway Protection: A good rule-of-thumb for achieving—socially secure communication—is that it is always easier (and more effective) to eliminate/conceal a system gateway than to protect access to the same gateway.
[Axiom 59] Stealth Techniques: Effective—STEALTH TECHNIQUES—include (for defence):
- BLOCK – Move access-node(s)—plus related data-set(s)—including user data (i.e. user owned IDs/keys)—to a private (possibly portable) access-device; closing physical/virtual gateway(s).
- RESTRICT– Employ an invitation-only-network + cypher-matching— whereby unsafe parties are blocked (i.e use a private network).
- DECEPTION – Use false/null data-traffic, decoys, honey-pots, spoofed access- device IP/MAC addresses (hide source + destination IDs/point(s)); hide message(s) in innocuous content; closing invalid gateway(s).
- SECRECY – Use a secret/scrambled/coded protocol (key-protected); secret routers/gateways—to close/protect all datum physical/virtual-gateway(s).
- CURTAIL – Eliminate all legitimate and illegitimate secondary copies (e.g. use a Peer-to-Peer (P2P) network); closing physical + virtual gateway(s).
- DEFEND – Protect the communication channel (e.g. use distributed transport and/ or concealed packet(s)).
- CONCEAL – Conceal the method(s) of coding within a large range of possible method(s) + vary/overlap method(s); that is protect meaning gateway(s) (i.e. exploit the beholder’s share).
- LOCALISE – Localise Identity and Access Management System(s). Do not trust private items to nth-parties.
- CONFUSE – Employ nested protective layers (ref. physical/virtual gateways).
[Axiom 60] Gateway Protection: In a nutshell, we wish to reduce gateway: exposure (limit existence in place/time), number(s), visibility and fragility—eliminating/nullifying attack-vectors.
[Axiom 61] Gateway Architecture: As previously defined, an access-gateway consists of one or more access-nodes and/or (potentially) exposed attack-surfaces for a primary, secondary or tertiary copy. Earlier in Chapter 5 we characterised three different types of access-gateway for datum-copies existing on a point-to-point communication system. Firstly, we have physical-gateway(s)—which determine who may obtain a physical copy; next we have virtual-gateway(s)—which determine who can open a virtual/formatted copy; and finally we have meaning-gateway(s) that determine who can decode a copy. To be successful an intruder must (typically) pass through several (nested) physical and virtual gateway(s); before decoding all meaning gateway(s)—and in order to uncover the communicated datum(s). Ergo gateway defence-method(s) and/or entry-barriers—typically provide a hierarchy of defensive ‘high- walls’—much like a castle (defence-in-depth).
[Axiom 62] Absolute Security (Target and Methods): In summary, attaining absolute security for our digital communication(s)—is a difficult-to-reach—but not impossible goal. Just like the magician, rather than performing any real magic tricks (achieving unbreakable encryption/coding)—we misdirect.
Accordingly, we seek to:
- Lock/block/conceal system gateway(s);
- Conceal the method(s) of entry/defence (variable aspects) within a large range—of(potential) methods;
- Employ depth-defences to confuse/ slow-down an attacker.
In this manner (A+B+C) [named as Axiom 62], we safeguard attack-surface entry- methods.
END OF CYBERSECURITY AXIOMS